Enhancements to fraud and deception prevention in open multi-agent marketplaces

Fraud and deception in online marketplaces has been an on-going problem. This thesis proposes novel techniques and mechanisms using agent technology to protect buyers and sellers in online environments such as eBay. The proposed solution has been rigorously tested and the results show good commercial promise.

A distributed active defense system against DDoS attacks

This thesis proposes a novel architecture of Distributed Active Defense System (DADS) against Distibuted Denial of Service (DDoS) attacks. Three sub-systems of DADS were built. For each sub-system corresponding algorithms were developed, prototypes implemented, criteria for evaluation were set up and experiments in both simulation and real network laboratory environments were carried out.

Evolving nature of fraud investigation and prevention

This thesis is concerned with the evolution of fraud investigation and prevention in light of the advances in computing technology. These recent advances have impacted upon traditional fraud offences as well as creating a range of new crimes. The financial significance of fraud is growing whereas law enforcement and the judicial system appear to be unable to meet the demands of these emerging crimes and its victims. This research compares the responses of our present and future investigators with those of our current business leaders from the government and the commercial sectors. This research establishes the needs of corporate decision-makers and the attitudes of police with regard to fraud. Data relating to persons arrested and convicted of fraud was also analysed to identify the issues that may be responsible for the non-reporting of offences to police by victims. The research found that victims are seeking solutions that are not available through law enforcement, for example financial compensation. Law enforcement also under-utilises the potential of proactive responses to prevent offences and they are reluctant to acknowledge the benefits of preventative measures and to incorporate this strategy within criminal investigation training programmes. The lack of deterrence offered by the judicial system does not make the situation any better. The police function is still primarily a reactive one. In order to overcome fraud and to be able to adapt to changes there needs to be collaboration between stakeholders. This requires a joint effort from the police, government, commerce and the victims of fraud. An innovative model involving stakeholders has been formulated that represents an alternative to the current system. This approach utilises the financial resources and expertise from the commercial sector as well as the skills of criminal investigators from the police. This means adopting a combined package of both reactive and proactive measures in order to minimise the impact of fraud. This model will be adaptive and will be able to accommodate any future requirements arising out of further inevitable advances in computer technology.

Rule-based dependency models for security protocol analysis

Security protocol analysis has been discussed for quite some time in the past few years. Although formal methods have been widely used to identify various vulnerabilities, mainly susceptibility to freshness attacks and impersonation, the arisen inconsistent data between principals and collusion attacks held by a group of dishonest principals have been largely ignored. Moreover, the previous methods focus on reasoning about certain security-related properties and detecting known attacks against secure message, whereas there have been insufficient efforts to handle the above hidden but powerful attacks. In this paper, we address these critical issues and prove the efficiency and intuitiveness of rule-based dependency models in defending a protocol against the attacks. This is able to provide a numerical estimation to measure he occurrence of these attacks. It will be useful in enhancing the current protocol analysis.

Professionals' attributions and referral decisions in cases of domestic violence

This thesis is the first national study of workers who have contact with victims and perpetrators of domestic violence. It highlights that the victim and perpetrator's gender, as well as the relevant professional's agency type and experience, all influenced their attitudes to, and service delivery decisions with, domestic violence-related clients. The portfolio utilises four case studies to examine the way that two Victorian sex offender programs attempt to balance risk-need and good lives principles in the assessment and treatment of sex offenders.

A performance testing framework for digital forensic tools

This thesis surveys the latest development of digital forensic tools designed for anti-cybercrime purposes. It discusses the necessity of testing the digital forensics tools, and presents a novel testing framework. This new testing framework takes the viewpoint of software vendors rather than traditional software engineering approaches.

Dissecting computer fraud : from definitional issues to a taxonomy

Computer frauds, while less dramatic than crimes of violence, can inflict significant damage at community, organizational or individual level. In order to properly quantify and mitigate the risk, computer frauds needs to be well understood. In this paper, in a conceptual-analytical research approach, we propose a dissection of computer fraud. First, we look into the elements of an offense, the act of fraud in general, than explain what is and what is not computer fraud. Next, from a prevention perspective, we propose a taxonomy of computer fraud with respect to perpetration platform, and to perpetration method. We believe that our contributions extend the existing knowledge of the phenomenon, and can assist those fighting computer fraud to better understand it and to design means of preventing and reporting it.

Defining fraud: issues for organizations from an information systems perspective

Fraud is one of the besetting evils of our time. While less dramatic than crimes of violence like murder or rape, fraud can inflict significant damage at organizational or individual level.

Fraud is a concept that seems to have an obvious meaning until we try to define it. As fraud exists in many different guises, and it is necessary to carefully define what it is and to tailor policies and initiatives accordingly.

Developing a definition of fraud is an early step of a prevention program. In order to be involved in the protection function, people at all levels of an organization must be knowledgeable about fraud. In this paper, we discuss the risk of fraud from an information systems perspective, explain what fraud is and present a range of definitions of fraud and computer fraud. We argue that without clearly defining fraud, organizations will not be able to share information that has the same meaning to everyone, to agree on how to measure the problem, and to know the extent of the problem, in order to decide how much and where to deploy resources to effectively solve it.

Policy, preparation, prevention and punishment: one faculty's holistic approach to minimising plagiarism

Most Australian universities have made attempts of various kinds to address plagiarism. Some have responded in recent times with a primary focus on catching and punishing plagiarists, often assisted by computer software packages. Others have taken a more holistic approach incorporating foci on policy, assessment regime and student preparation and education as well as on ensuring appropriate consequences for plagiarists. This paper outlines one example of the latter approach in one Australian university faculty and details the outcomes in terms of policy recommendations and resources to support the approach. The necessity of evidence-based evaluation of attempts to reduce plagiarism in higher education is argued.

Older persons' perception of risk of falling : implications for fall-prevention campaigns

Objectives. We examined older people's attitudes about falls and implications for the design of fall-prevention awareness campaigns.

Methods. We assessed data from (1) computer-assisted telephone surveys conducted in 2002 with Australians 60 years and older in Northern Rivers, New South Wales (site of a previous fall-prevention program; n=1601), and Wide Bay, Queensland (comparison community; n=1601), and (2) 8 focus groups (n=73).

Results. Participants from the previous intervention site were less likely than were comparison participants to agree that falls are not preventable (odds ratio [OR]=0.76; 95% confidence interval [Cl]=0.65, 0.90) and more likely to rate the prevention of falls a high priority (OR=1.31; 95% CI=1.09, 1.57). There was no difference between the groups for self-perceived risk of falls; more than 60% rated their risk as low. Those with a low perceived risk were more likely to be men, younger, partnered, and privately insured, and to report better health and no history of falls. Focus group data indicated that older people preferred messages that emphasized health and independence rather than falls.

Conclusions. Although older people accepted traditional fall-prevention messages, most viewed them as not personally relevant. Messages that promote health and independence may be more effective.

Can social dancing prevent falls in older adults? a protocol of the Dance, Aging, Cognition,Economics (DAnCE) fall prevention randomised controlled trial

Background:  Falls are one of the most common health problems among older people and pose a major economic burden on health care systems. Exercise is an accepted stand-alone fall prevention strategy particularly if it is balance training or regular participation in Tai chi. Dance shares the ‘holistic’ approach of practices such as Tai chi. It is a complex sensorimotor rhythmic activity integrating multiple physical, cognitive and social elements. Small-scale randomised controlled trials have indicated that diverse dance styles can improve measures of balance and mobility in older people, but none of these studies has examined the effect of dance on falls or cognition. This study aims to determine whether participation in social dancing: i) reduces the number of falls; and ii) improves cognitive functions associated with fall risk in older people.

Methods/design: A single-blind, cluster randomised controlled trial of 12 months duration will be conducted. Approximately 450 participants will be recruited from 24 self-care retirement villages that house at least 60 residents each in Sydney, Australia. Village residents without cognitive impairment and obtain medical clearance will be eligible. After comprehensive baseline measurements including physiological and cognitive tests and self-completed questionnaires, villages will be randomised to intervention sites (ballroom or folk dance) or to a wait-listed control using a computer randomisation method that minimises imbalances between villages based on two baseline fall risk measures. Main outcome measures are falls, prospectively measured, and the Trail Making cognitive function test. Cost-effectiveness and cost-utility analyses will be performed.

Discussion: This study offers a novel approach to balance training for older people. As a community-based approach to fall prevention, dance offers older people an opportunity for greater social engagement, thereby making a major contribution to healthy ageing. Providing diversity in exercise programs targeting seniors recognises the heterogeneity of multicultural populations and may further increase the number of taking part in exercise.

Policy-based SQLIA detection and prevention approach for RFID systems

While SQL injection attacks have been plaguing web application systems for years, the possibility of them affecting RFID systems was only identified very recently. However, very little work exists to mitigate this serious security threat to RFID-enabled enterprise systems. In this paper, we propose a policy-based SQLIA detection and prevention method for RFID systems. The proposed technique creates data validation and sanitization policies during content analysis and enforces those policies during runtime monitoring. We tested all possible types of dynamic queries that may be generated in RFID systems with all possible types of attacks that can be mounted on those systems. We present an analysis and evaluation of the proposed approach to demonstrate the effectiveness of the proposed approach in mitigating SQLIA.

Prevention of transnational transplant-related crimes—What more can be done?

Many nations are able to prosecute transplant-related crimes committed in their territory, but transplant recipients, organ sellers and brokers, and transplant professionals may escape prosecution by engaging in these practices in foreign locations where they judge the risk of criminal investigation and prosecution to be remote.Methods. The Declaration of Istanbul Custodian Group convened an international working group to evaluate the possible role of extraterritorial jurisdiction in strengthening the enforcement of existing laws governing transplant-related crimes across national boundaries. Potential practical and ethical concerns about the use of extraterritorial jurisdiction were examined, and possible responses were explored. Results. Extraterritorial jurisdiction is a legitimate tool to combat transplant-related crimes. Further, development of a global registry of transnational transplant activities in conjunction with a standardized international referral system for legitimate travel for transplantation is proposed as a mechanism to support enforcement of national and international legal tools. Conclusions. States are encouraged to include provisions on extraterritorial jurisdiction in their laws on transplant-related crimes and to collaborate with professionals and international authorities in the development of a global registry of transnational transplant activities. These actions would assist in the identification and evaluation of illicit activities and provide information that would help in developing strategies to deter and prevent them.